ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-13 10:38:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Changes to abstract shared memory

Browse Source
This commit is contained in:
Your Name
2022-08-01 08:10:45 +01:00
parent e9cb939956
commit 00b5d3792d
7 changed files with 56 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
frida_mode/include/shm.h Normal file
View File

@ -0,0 +1,9 @@
#ifndef _SHM_H
#define _SHM_H
#include <stddef.h>
void *shm_create(size_t size);
#endif

27
frida_mode/src/instrument/instrument.c
View File

@ -1,7 +1,5 @@
#include <fcntl.h> #include <fcntl.h>
#include <unistd.h> #include <unistd.h>
#include <sys/shm.h>
#include <sys/mman.h>
#include <sys/syscall.h> #include <sys/syscall.h>
#include "frida-gumjs.h" #include "frida-gumjs.h"
@ -17,6 +15,7 @@
#include "persistent.h" #include "persistent.h"
#include "prefetch.h" #include "prefetch.h"
#include "ranges.h" #include "ranges.h"
#include "shm.h"
#include "stalker.h" #include "stalker.h"
#include "stats.h" #include "stats.h"
#include "util.h" #include "util.h"
@ -348,29 +347,7 @@ void instrument_init(void) {
transformer = gum_stalker_transformer_make_from_callback( transformer = gum_stalker_transformer_make_from_callback(
instrument_basic_block, NULL, NULL); instrument_basic_block, NULL, NULL);
if (instrument_unique) { if (instrument_unique) { edges_notified = shm_create(__afl_map_size); }
int shm_id =
shmget(IPC_PRIVATE, __afl_map_size, IPC_CREAT | IPC_EXCL | 0600);
if (shm_id < 0) { FATAL("shm_id < 0 - errno: %d\n", errno); }
edges_notified = shmat(shm_id, NULL, 0);
g_assert(edges_notified != MAP_FAILED);
/*
* Configure the shared memory region to be removed once the process
* dies.
*/
if (shmctl(shm_id, IPC_RMID, NULL) < 0) {
FATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno);
}
/* Clear it, not sure it's necessary, just seems like good practice */
memset(edges_notified, '\0', __afl_map_size);
}
if (instrument_use_fixed_seed) { if (instrument_use_fixed_seed) {

31
frida_mode/src/prefetch.c
View File

@ -1,12 +1,11 @@
#include <errno.h> #include <errno.h>
#include <sys/shm.h>
#include <sys/mman.h>
#include "frida-gumjs.h" #include "frida-gumjs.h"
#include "entry.h" #include "entry.h"
#include "intercept.h" #include "intercept.h"
#include "prefetch.h" #include "prefetch.h"
#include "shm.h"
#include "stalker.h" #include "stalker.h"
#include "util.h" #include "util.h"
@ -285,33 +284,7 @@ void prefetch_init(void) {
* with the coverage bitmap region and fork will take care of ensuring both * with the coverage bitmap region and fork will take care of ensuring both
* the parent and child see the same consistent memory region. * the parent and child see the same consistent memory region.
*/ */
prefetch_shm_id = prefetch_data = shm_create(sizeof(prefetch_data_t));
shmget(IPC_PRIVATE, sizeof(prefetch_data_t), IPC_CREAT | IPC_EXCL | 0600);
if (prefetch_shm_id < 0) {
FFATAL("prefetch_shm_id < 0 - errno: %d\n", errno);
}
prefetch_data = shmat(prefetch_shm_id, NULL, 0);
g_assert(prefetch_data != MAP_FAILED);
/*
* Configure the shared memory region to be removed once the process dies.
* This doesn't work on Android, so we skip it. Would could end up leaking
* shared memory regions though.
*/
#ifndef __ANDROID__
if (shmctl(prefetch_shm_id, IPC_RMID, NULL) < 0) {
FFATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno);
}
#endif
/* Clear it, not sure it's necessary, just seems like good practice */
memset(prefetch_data, '\0', sizeof(prefetch_data_t));
prefetch_hook_fork(); prefetch_hook_fork();

36
frida_mode/src/shm.c Normal file
View File

@ -0,0 +1,36 @@
#include "shm.h"
#include "util.h"
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/mman.h>
#include <sys/shm.h>
void *shm_create(size_t size) {
int shm_id =
shmget(IPC_PRIVATE, size, IPC_CREAT | IPC_EXCL | S_IRUSR | S_IWUSR);
if (shm_id < 0) { FFATAL("shm_id < 0 - errno: %d\n", errno); }
void *addr = shmat(shm_id, NULL, 0);
if (addr == MAP_FAILED) { FFATAL("addr == MAP_FAILED - errno: %d\n", errno); }
/*
* Configure the shared memory region to be removed once the process
* dies.
*/
if (shmctl(shm_id, IPC_RMID, NULL) < 0) {
FFATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno);
}
/* Clear it, not sure it's necessary, just seems like good practice */
memset(addr, '\0', size);
return addr;
}

24
frida_mode/src/stats/stats.c
View File

@ -2,17 +2,16 @@
#include <fcntl.h> #include <fcntl.h>
#include <stdio.h> #include <stdio.h>
#include <unistd.h> #include <unistd.h>
#include <sys/shm.h>
#include <sys/mman.h> #include <sys/mman.h>
#include "frida-gumjs.h" #include "frida-gumjs.h"
#include "config.h" #include "config.h"
#include "util.h"
#include "entry.h" #include "entry.h"
#include "shm.h"
#include "stalker.h" #include "stalker.h"
#include "stats.h" #include "stats.h"
#include "util.h"
#define MICRO_TO_SEC 1000000 #define MICRO_TO_SEC 1000000
@ -360,27 +359,10 @@ void stats_init(void) {
g_free(path); g_free(path);
int shm_id =
shmget(IPC_PRIVATE, sizeof(stats_data_t), IPC_CREAT | IPC_EXCL | 0600);
if (shm_id < 0) { FFATAL("shm_id < 0 - errno: %d\n", errno); }
stats_data = shmat(shm_id, NULL, 0);
g_assert(stats_data != MAP_FAILED);
GumStalkerObserver *observer = stalker_get_observer(); GumStalkerObserver *observer = stalker_get_observer();
stats_observer_init(observer); stats_observer_init(observer);
/* stats_data = shm_create(sizeof(stats_data_t));
* Configure the shared memory region to be removed once the process dies.
*/
if (shmctl(shm_id, IPC_RMID, NULL) < 0) {
FFATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno);
}
/* Clear it, not sure it's necessary, just seems like good practice */
memset(stats_data, '\0', sizeof(stats_data_t));
starts_arch_init(); starts_arch_init();

21
frida_mode/src/stats/stats_arm64.c
View File

@ -1,9 +1,9 @@
#include <sys/shm.h>
#include <sys/mman.h> #include <sys/mman.h>
#include "frida-gumjs.h" #include "frida-gumjs.h"
#include "ranges.h" #include "ranges.h"
#include "shm.h"
#include "stats.h" #include "stats.h"
#include "util.h" #include "util.h"
@ -44,24 +44,7 @@ static stats_data_arch_t *stats_data_arch = NULL;
void starts_arch_init(void) { void starts_arch_init(void) {
int shm_id = shmget(IPC_PRIVATE, sizeof(stats_data_arch_t), stats_data_arch = shm_create(sizeof(stats_data_arch_t));
IPC_CREAT | IPC_EXCL | 0600);
if (shm_id < 0) { FFATAL("shm_id < 0 - errno: %d\n", errno); }
stats_data_arch = shmat(shm_id, NULL, 0);
g_assert(stats_data_arch != MAP_FAILED);
/*
* Configure the shared memory region to be removed once the process dies.
*/
if (shmctl(shm_id, IPC_RMID, NULL) < 0) {
FFATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno);
}
/* Clear it, not sure it's necessary, just seems like good practice */
memset(stats_data_arch, '\0', sizeof(stats_data_arch_t));
} }

21
frida_mode/src/stats/stats_x86_64.c
View File

@ -1,9 +1,9 @@
#include <sys/shm.h>
#include <sys/mman.h> #include <sys/mman.h>
#include "frida-gumjs.h" #include "frida-gumjs.h"
#include "ranges.h" #include "ranges.h"
#include "shm.h"
#include "stats.h" #include "stats.h"
#include "util.h" #include "util.h"
@ -46,24 +46,7 @@ static stats_data_arch_t *stats_data_arch = NULL;
void starts_arch_init(void) { void starts_arch_init(void) {
int shm_id = shmget(IPC_PRIVATE, sizeof(stats_data_arch_t), stats_data_arch = shm_create(sizeof(stats_data_arch_t));
IPC_CREAT | IPC_EXCL | 0600);
if (shm_id < 0) { FFATAL("shm_id < 0 - errno: %d\n", errno); }
stats_data_arch = shmat(shm_id, NULL, 0);
g_assert(stats_data_arch != MAP_FAILED);
/*
* Configure the shared memory region to be removed once the process dies.
*/
if (shmctl(shm_id, IPC_RMID, NULL) < 0) {
FFATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno);
}
/* Clear it, not sure it's necessary, just seems like good practice */
memset(stats_data_arch, '\0', sizeof(stats_data_arch_t));
} }